Subject: Issue 51: sp:RequireDerivedKeys is underspecified
This issue is forever more known as issue 51.

-----Original Message-----
From: Martin Gudgin
Sent: Wednesday, March 29, 2006 1:43 AM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: NEW ISSUE: sp:RequireDerivedKeys is underspecified

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: ws-sp

WS-SecurityPolicy v1.2 Editors Draft 01 17 January 2006
http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/16289/ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf

Artifact: spec

Type: design

Title: sp:RequireDerivedKeys is underspecified.

Description:

Section 5.2 defines a [Derived Keys] property and Section 5.3 defines an sp:RequireDerivedKeys assertion that populates that property. Although WS-SecureConversation allows for two serialized forms of derived keys, implicit and explicit, WS-SecurityPolicy does not provide a mechanism to constrain derived keys to one or the other form.

Related issues: None

Proposed Resolution:

1. Add a paragraph after the first paragraph in section 5.2.1:

   See the [Explicit Derived Keys] and [Implicit Derived Keys] properties below for information on how particular forms of derived keys are specified.

2. Add a section 5.2.2 as follows:

   5.2.2 [Explicit Derived Keys] property

   This boolean property specifies whether Explicit Derived Keys (ref to WS-SecureConv Section 7) are allowed. If the value is 'true' then Explicit Derived Keys MAY be used. If the value is 'false' then Explicit Derived Keys MUST NOT be used.

3. Add a section 5.2.3 as follows:

   5.2.3 [Implicit Derived Keys] property

   This boolean property specifies whether Implicit Derived Keys (ref to WS-SecureConv Section 7.3) are allowed. If the value is 'true' then Implicit Derived Keys MAY be used. If the value is 'false' then Implicit Derived Keys MUST NOT be used.

4. In Section 5.3 amend the various descriptions of sp:RequireDerivedKeys to read as follows:

   /sp:XXXToken/wsp:Policy/sp:RequireDerivedKeys

   This optional element sets the [Derived Keys], [Explicit Derived Keys] and [Implicit Derived Keys] properties for this token to 'true'.

5. In section 5.3 add the following to the various token assertions that support derived keys:

   /sp:XXXToken/wsp:Policy/sp:RequireExplicitDerivedKeys

   This optional element sets the [Derived Keys] and [Explicit Derived Keys] properties for this token to 'true' and the [Implicit Derived Keys] property for this token to 'false'.

   /sp:XXXToken/wsp:Policy/sp:RequireImplicitDerivedKeys

   This optional element sets the [Derived Keys] and [Implicit Derived Keys] properties for this token to 'true' and the [Explicit Derived Keys] property for this token to 'false'.
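
The property assignments proposed above for the three assertions, as an added Python example that is not part of the original message or of the specification: it reads one token assertion and reports which derived key forms a policy enforcer would accept. The namespace URIs, the function names, the all-'false' default and the rejection of conflicting assertions are assumptions of this example; the sample token is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed namespace URIs; the message does not state them.
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# assertion -> ([Derived Keys], [Explicit Derived Keys], [Implicit Derived Keys]),
# as the proposed resolution assigns them.
ASSERTIONS = {
    "RequireDerivedKeys": (True, True, True),
    "RequireExplicitDerivedKeys": (True, True, False),
    "RequireImplicitDerivedKeys": (True, False, True),
}
NAMES = ("Derived Keys", "Explicit Derived Keys", "Implicit Derived Keys")


def derived_key_properties(token_xml):
    """Return the three properties for one sp:XXXToken assertion.

    Handles only the compact form /sp:XXXToken/wsp:Policy/sp:Require...,
    the path the message itself uses.
    """
    token = ET.fromstring(token_xml)
    found = [name for name in ASSERTIONS
             if token.find(f"{{{WSP}}}Policy/{{{SP}}}{name}") is not None]
    if len(found) > 1:
        # Assumption: the proposal does not say how these combine, so reject.
        raise ValueError("conflicting assertions: " + ", ".join(found))
    # Assumption: with no assertion present, all three properties are 'false'.
    values = ASSERTIONS[found[0]] if found else (False, False, False)
    return dict(zip(NAMES, values))


def form_allowed(props, form):
    """form is 'explicit' or 'implicit'; a 'false' property means MUST NOT be used."""
    key = {"explicit": NAMES[1], "implicit": NAMES[2]}[form]
    return props[key]


def sample_token(*assertions):
    """Constructed sample input: an sp:X509Token carrying the given assertions."""
    inner = "".join(f"<sp:{a}/>" for a in assertions)
    return (f'<sp:X509Token xmlns:sp="{SP}" xmlns:wsp="{WSP}">'
            f"<wsp:Policy>{inner}</wsp:Policy></sp:X509Token>")


if __name__ == "__main__":
    for assertion in ASSERTIONS:
        print(assertion, derived_key_properties(sample_token(assertion)))
```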